Glossary

Today’s attackers are taking advantage of changing business dynamics to target people everywhere they work. Staying current on the latest attack vectors and threats is an essential part of securing the enterprise against breaches and compromised data.

  A

  • Advanced Persistent Threat (APT)

    A prolonged and targeted cyberattack in which an intruder gains access to a network and remains undetected for an extended period.
  • Adware

    Unwanted software designed to throw advertisements up on your screen, most often within a web browser.
  B

  • Botnet

    A network of private computers infected with malicious software and controlled as a group without the owners' knowledge, e.g., to send spam messages.
  • Brute Force Attack

    A trial-and-error method used to obtain information such as a user password or personal identification number (PIN).
  C

  • Chain of Custody

    Documentation that shows how evidence has been collected, analysed, and preserved to be presented in court.
  • Cross-Site Scripting (XSS)

    A security breach that occurs when attackers inject malicious scripts into content from otherwise trusted websites.
  • Cryptocurrency Mining Malware

    Malware that uses a computer's resources to mine cryptocurrency without the user's consent.
  • Cryptojacking

    The unauthorized use of someone else’s computer to mine cryptocurrency.
  • Cyber Espionage

    The act or practice of obtaining secrets without the permission of the holder of the information (personal, sensitive, proprietary or classified).
  D

  • Data Breach

    An incident in which information is accessed without authorization.
  • Data Exfiltration

    Unauthorised transfer of data from a computer or other device.
  • DDoS Attack (Distributed Denial of Service)

    An attempt to make an online service unavailable by overwhelming it with traffic from multiple sources.
  • Deepfake

    Synthetic media in which a person's likeness has been algorithmically replaced with another's likeness.
  • Denial-of-Service (DoS) Attack

    An interruption in an authorized user's access to a computer network, typically one caused with malicious intent.
  • Digital Forensics

    The process of uncovering and interpreting electronic data for use in a court of law.
  E

  • Eavesdropping Attack

    An attack where unauthorized individuals intercept private communications.
  • Encryption

    The process of converting information or data into a code, especially to prevent unauthorised access.
  • Endpoint Detection and Response (EDR)

    Cybersecurity technology that continually monitors and responds to mitigate cyber threats on endpoints.
  F

  • Firewall

    A network security device that monitors and filters incoming and outgoing network traffic based on an organization’s previously established security policies.
  G

  • Grayware

    Unwanted applications or files that are not classified as malware but can worsen the performance of computers and may cause security risks.
  H

  • Hacking

    Unauthorized intrusion into a computer or a network.
  • Hoax

    A false warning about a virus or other malware.
  • Honeypot

    A security mechanism set to detect, deflect, or study attempts at unauthorised use of information systems.
  I

  • Identity and Access Management (IAM)

    Frameworks for business processes that facilitate the management of electronic identities.
  • Incident Response Plan (IRP)

    A set of procedures to detect, respond to, and recover from network security incidents.
  • Insider Threat

    A threat to an organization that comes from employees, former employees, contractors, or business associates who have inside information concerning the organization's security practices.
  • Intrusion Detection System (IDS)

    A device or software application that monitors network or system activities for malicious activities or policy violations.
  • IP Spoofing

    A technique used to gain unauthorized access to computers, whereby the intruder sends messages to a computer with an IP address indicating that the message is coming from a trusted host.
  J

  • Jailbreaking

    The process of removing restrictions on iOS to allow for the installation of unauthorized software.
  K

  • Keylogger

    A type of surveillance technology used to monitor and record each keystroke typed on a specific computer's keyboard.
  L

  • Logic Bomb

    A piece of code intentionally inserted into a software system that will set off a malicious function when specified conditions are met.
  M

  • Malware

    Software that is specifically designed to disrupt, damage, or gain unauthorized access to a computer system.
  • Man-in-the-Middle (MitM) Attack

    An attack where the attacker secretly relays and possibly alters the communication between two parties who believe they are directly communicating with each other.
  • Multi-factor Authentication (MFA)

    A method of computer access control in which a user is only granted access after successfully presenting several separate pieces of evidence.
  N

  • Network Sniffing

    A method used by cybercriminals to capture data as it travels over a network.
  O

  • Open Source Intelligence (OSINT)

    Intelligence collected from publicly available sources.
  P

  • Patch Management

    The process of distributing and applying updates to software to ensure it is up to date and secure.
  • Penetration Testing

    A simulated cyber attack against your computer system to check for exploitable vulnerabilities.
  • Pharming

    A cyber attack intended to redirect a website's traffic to another, fake site.
  • Phishing

    The attempt to acquire sensitive information such as usernames, passwords, and credit card details by masquerading as a trustworthy entity in an electronic communication.
  • Privilege Escalation

    A situation where an attacker with some level of restricted access is able to, without authorization, elevate their privileges or access level.
  • Public Key Infrastructure (PKI)

    A set of roles, policies, hardware, software, and procedures needed to create, manage, distribute, use, store, and revoke digital certificates and manage public-key encryption.
  Q

  • Quick Response (QR) Code Tampering

    Manipulating a QR code to redirect to a malicious site or inject malware.
  R

  • Ransomware

    Malware that locks or encrypts data until a ransom is paid.
  • Rootkit

    A set of software tools that enable an unauthorized user to gain control of a computer system without being detected.
  S

  • Secure Sockets Layer (SSL)

    A standard security technology for establishing an encrypted link between a server and a client.
  • SIEM (Security Information and Event Management)

    Software solutions that provide real-time analysis of security alerts generated by applications and network hardware.
  • Social Engineering

    The use of deception to manipulate individuals into divulging confidential or personal information that may be used for fraudulent purposes.
  • Spear Phishing

    An email targeted at a specific individual or department within an organization that appears to be from a trusted source but is actually a phishing attempt.
  • Spoofing

    Faking the sending address of a transmission to gain unauthorised entry into a secure system.
  • SQL Injection

    A type of security exploit in which the attacker adds Structured Query Language (SQL) code to a web form input box to gain access to resources or make changes to data.
  T

  • Threat Intelligence

    Information used to understand the threats that have targeted, will target, or are currently targeting the organisation.
  • Tokenization

    The process of substituting a sensitive data element with a non-sensitive equivalent, referred to as a token, that has no extrinsic or exploitable meaning or value.
  • Trojan Horse

    Any malicious computer program which misleads users about its true intent.
  • Two-Factor Authentication (2FA)

    A security process in which users provide two distinct forms of identification to access their account.
  U

  • URL Injection

    A type of attack where the attacker creates new pages on the target site filled with spammy words or malicious scripts.
  V

  • Virus

    A type of malicious software program that, when executed, replicates itself by modifying other computer programs and inserting its own code.
  • Vishing

    The fraudulent practice of making phone calls or leaving voice messages purporting to be from reputable companies to induce individuals to reveal personal information, such as bank details and credit card numbers.
  • VPN (Virtual Private Network)

    Extends a private network across a public network, enabling users to send and receive data across shared or public networks as if their computing devices were directly connected to the private network.
  • Vulnerability Assessment

    The process of identifying, quantifying, and prioritising (or ranking) the vulnerabilities in a system.
  W

  • Wardriving

    The act of searching for Wi-Fi wireless networks by a person in a moving vehicle, using a laptop or smartphone.
  • Whaling

    A specific type of phishing aimed at senior executives and other high-profile targets.
  • Whitelisting

    A security process that allows only pre-approved software to run on a system.
  X

  • XSS (Cross-Site Scripting)

    An attack that injects malicious scripts into otherwise benign and trusted websites.
  Z

  • Zero-Day Attack

    An attack that exploits a potentially serious software security weakness that the vendor or developer may be unaware of.